
Merge pull request #58 from eivindfjeldstad/patch-1

Use nullary objects
2 parents 936b5e4 + 46f0d3c commit 8d2276fb97b84685117a69d92dbecafec8c0a3f2 @tj committed Apr 26, 2013
Showing with 20 additions and 4 deletions.
  1. +14 −4 index.js
  2. +6 −0 test/parse.js
@@ -58,14 +58,24 @@ var reduce = function(arr, fn, initial) {
};
/**
+ * Create a nullary object if possible
+ */
+
+var objectCreate = function () {
+ return Object.create
+ ? Object.create(null)
+ : {};
+}
+
+/**
* Cache non-integer test regexp.
*/
var isint = /^[0-9]+$/;
function promote(parent, key) {
- if (parent[key].length == 0) return parent[key] = {};
- var t = {};
+ if (parent[key].length == 0) return parent[key] = objectCreate();
+ var t = objectCreate();
for (var i in parent[key]) t[i] = parent[key][i];
parent[key] = t;
return t;
@@ -121,7 +131,7 @@ function merge(parent, key, val){
// optimize
} else {
if (!isint.test(key) && isArray(parent.base)) {
- var t = {};
+ var t = objectCreate();
for (var k in parent.base) t[k] = parent.base[k];
parent.base = t;
}
@@ -160,7 +170,7 @@ function parseString(str){
if ('' == key) return ret;
return merge(ret, decode(key), decode(val));
- }, { base: {} }).base;
+ }, { base: objectCreate() }).base;
}
/**
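Review bot: The `{}` fallback in `objectCreate` silently restores the behaviour this commit is meant to remove: on an engine without `Object.create`, every container built in `promote`, `merge` and `parseString` still inherits from `Object.prototype`, so keys such as `constructor` resolve to inherited values again. The doc comment should say so, for example `* Create a nullary object if possible; without Object.create this falls back to {} and inherited keys stay reachable.`, or the key lookups should be guarded with an own-property check on that path. Separately, `parseString` now returns a prototype-less object to callers (`{ base: objectCreate() }).base`), so code that calls `result.hasOwnProperty(...)` or string-coerces the result will throw; that is presumably worth a line in the docs or changelog. The bodies of `merge` and `parseString` extend beyond the hunks shown, so any other `{}` literals in them are not visible here.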
@@ -149,4 +149,10 @@ describe('qs.parse()', function(){
expect(qs.parse('_r=1&'))
.to.eql({ _r: '1' })
})
+
+ it('should not be possible to access Object prototype', function() {
+ qs.parse('constructor[prototype][bad]=bad');
+ qs.parse('bad[constructor][prototype][bad]=bad');
+ expect(Object.prototype.bad).to.be(undefined);
+ });
})
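Review bot: The new test discards both `qs.parse()` results and only checks `Object.prototype.bad`, so it would also pass if the parser simply dropped these keys, and if it ever fails the polluted property stays on `Object.prototype` for every later test. Consider asserting on the returned value as well and cleaning up unconditionally, e.g. `delete Object.prototype.bad;` in an `afterEach`. The enclosing `describe('qs.parse()')` block starts outside this hunk.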
